Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked
The Pwn2Own hacking event took place from May 18 to 20, 2022. This year, security researchers successfully hacked into Windows 11 and Ubuntu, Firefox, Safari, Microsoft Teams, a Tesla, and other targets over the three days of the event.
Pwn2Own is an annual event that brings together security researchers from around the world. On the 15th anniversary of the event, 17 security researchers attempted to exploit 21 targets across multiple categories.
On day 1 of the event, researchers managed to hack into Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were successfully hacked on multiple computers throughout the day. All attempts that day were successful.
On day 2, security researchers hacked the Tesla Model 3 infotainment system, Ubuntu Desktop and Microsoft Windows 11. Ubuntu Desktop was successfully hacked twice. Two hacking attempts against Microsoft Windows 11 and Tesla failed that day.
On day 3, hackers managed to exploit Windows 11 and Ubuntu Desktop successfully. The researchers exploited Microsoft’s Windows 11 operating system three times that day, with no failed attempts.
Mozilla has already released an update for the organization’s Firefox web browser. Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1 are now available with patches for the reported security vulnerability.
Here is an overview of successful Windows 11 hacks:
Marcin Wiązowski was able to execute an out-of-bounds write privilege escalation on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points, and high praise for the accompanying whitepaper from the Microsoft team.
Phan Thanh Duy (@PTDuy) and Lê Hữu Quang Linh (@linhlhq) of STAR Labs won $40,000 and 4 Master of Pwn points for a Use-After-Free privilege elevation in Microsoft Windows 11.
T0 was able to successfully show an incorrect access control error leading to elevation of privilege in Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points.
nghiadt12 from Viettel Cyber Security was able to successfully show privilege escalation via Integer Overflow on Microsoft Windows 11, earning $40,000 and 4 Master of Pwn points.
vinhthp1712 successfully achieved Elevation of Privilege via improper access control in Microsoft Windows 11. vinhthp1712 wins $40,000 and 4 Master of Pwn points.
In the final attempt of the competition, Bruno PUJOS (@brunopujos) from REverse Tactics successfully achieved Elevation of Privilege via Use-After-Free on Microsoft Windows 11. Bruno wins $40,000 and 4 Master of Pwn points.
Microsoft is expected to release updates for Windows 11 in the coming weeks. A likely target is the June 2022 patch day, which is scheduled for June 14, 2022. The company can patch critical security issues earlier, as emergency updates can be released to address issues at any time.
Vendors whose products were attacked during the event “have 90 days to produce a fix” for the discovered vulnerabilities, according to the Zero Day Initiative website.
The complete summary of the event offers additional details on specific hacks and links to the profiles of the security researchers who participated in the event.